02-26-2003 05:43 AM - edited 03-09-2019 02:15 AM
I have a 501e that I'm really suspicious of. I have several locations with 501e's, and I had previously set this one up at a location and had connectivity issues. When I changed firewalls, I also changed configs, so I was unsure if the firewall in question was really bad or not.
I just tried placing it in a different location, and am experiencing the following:
After configuring the outside IP address to match the IP supplied by the cable modem and setting the route, I would check sho int and it would say int e0 is up, line protocol is up.
Then I would do a ping from within the CLI to outside IP addresses I know are consistently up, and get a general response like the following for all IPs tried.
x.x.x.x response received -- 60ms
x.x.x.x NO response received -- 1000ms
x.x.x.x NO response received -- 1000ms
Occasionally I would get something like
x.x.x.x response received -- 60ms
x.x.x.x NO response received -- 1000ms
x.x.x.x response received -- 100ms
I could never see through the firewall from the desktops, but I had a friend with a Linux box say he could get about 50% ping to the firewall's outside IP. I am currently off site and cannot ping the firewall's outside IP from my desktop though with a win2k box.
Another interesting fact to note is that I tried to swap between a straight-through cable and a crossover cable and got the same response. I was under the impression that the 501 would not do any sort of auto-switching.
If it doesn't, then how was I able to get the same sort of ping outs on both cables?
The only other issue I can think of is possibly with connecting to the cable modem. When I connect a desktop to the modem directly, it picks up the IP by DHCP. With other cable modems in the past I've been able to assign the designated IP directly to a router and not have an issue. The cable company says the IP shouldn't change for 6 months... so is there any way that it could be having a problem using that dynamic IP and treating it like a static? (other than the fact that when it does eventually change, I'll have to be on site to fix it)
Thank you for your time,
Dave
03-04-2003 08:26 AM
Most cable connections use a type of PPPoE, that is, the host should send a hostname. The PIX does not do that at this time.
So the workaround would be to hard-code the outside address and set a static route.
Set the inside PC to point at the PIX and set the DNS servers there.
03-04-2003 10:24 AM
ehh...
First, DSL uses PPPoE, Cable generally does not.
Second, PIX 6.2.2 does support PPPoE, I know because I use it on 2 of my 4 PIX firewalls to authenticate to DSL lines. It's done with VPDN.
Third, as I stated, I was hard coding the static route and outside address.
I think I have this problem resolved on my own though, as I suspected it was a hardware issue. Cisco has RMA'd my 501e and I have the new one working in a test environment.